HIPAA HITECH Compliance News

Risk Assessment Critical for MACRA

An up-to-date risk assessment is a key element in your MIPS Composite Performance Score. The MACRA Act, which was passed with bilateral support in Congress, uses the MIPS score to determine reimbursement for practices.


Storing encrypted ePHI in the Cloud? Still Need HIPAA Compliance

If you create, receive, maintain, or transmit ePHI, you are a business associate and must be HIPAA compliant, even if the data is encrypted and you don't have the key. Thus saith OCR.


Quarterly Risk Assessments Might Have Saved St Josephs $10 Million

Leaving 31,800 patient records open and accessible on the Internet cost St Josephs Hospital a $7.5 million settlement of a class action suit and a $2.145 million fine from OCR. Quarterly risk assessments might have revealed the problem sooner or prevented it from happening at all.


Got PHI in The Cloud?: Get HIPAA Compliant!

HHS issued new guidelines for covered entities or business associates who use cloud computing to create, maintain, store, transfer, or process PHI. In a nutshell, every entity involved in the process must be HIPAA compliant even if the data is encrypted.


Outdated BA Agreements: $400,000 Fine

Old business associate agreements cost Care New England Health System, Providence, R.I., a $400,000 fine. Business associate agreements need to be updated to reflect current law, and you need to get "suitable assurances" that your business associates are compliant.

